public async Task Attribute_exclusion_from_resource_definition_is_applied_for_non_empty_query_string() { // Arrange var resource = new CallableResource { Label = "X", RiskLevel = 3 }; await _testContext.RunOnDatabaseAsync(async dbContext => { dbContext.CallableResources.Add(resource); await dbContext.SaveChangesAsync(); }); string route = $"/callableResources/{resource.StringId}?fields[callableResources]=label,riskLevel"; // Act (HttpResponseMessage httpResponse, Document responseDocument) = await _testContext.ExecuteGetAsync <Document>(route); // Assert httpResponse.Should().HaveStatusCode(HttpStatusCode.OK); responseDocument.SingleData.Should().NotBeNull(); responseDocument.SingleData.Id.Should().Be(resource.StringId); responseDocument.SingleData.Attributes.Should().HaveCount(1); responseDocument.SingleData.Attributes["label"].Should().Be(resource.Label); responseDocument.SingleData.Relationships.Should().BeNull(); }
public async Task Queryable_parameter_handler_from_resource_definition_is_not_applied_on_secondary_request() { // Arrange var resource = new CallableResource { RiskLevel = 3, Children = new List <CallableResource> { new CallableResource { RiskLevel = 3 }, new CallableResource { RiskLevel = 8 } } }; await _testContext.RunOnDatabaseAsync(async dbContext => { dbContext.CallableResources.Add(resource); await dbContext.SaveChangesAsync(); }); string route = $"/callableResources/{resource.StringId}/children?isHighRisk=true"; // Act (HttpResponseMessage httpResponse, ErrorDocument responseDocument) = await _testContext.ExecuteGetAsync <ErrorDocument>(route); // Assert httpResponse.Should().HaveStatusCode(HttpStatusCode.BadRequest); responseDocument.Errors.Should().HaveCount(1); Error error = responseDocument.Errors[0]; error.StatusCode.Should().Be(HttpStatusCode.BadRequest); error.Title.Should().Be("Custom query string parameters cannot be used on nested resource endpoints."); error.Detail.Should().Be("Query string parameter 'isHighRisk' cannot be used on a nested resource endpoint."); error.Source.Parameter.Should().Be("isHighRisk"); }
public async Task Include_from_resource_definition_has_blocked_capability() { // Arrange var userRolesService = (FakeUserRolesService)_testContext.Factory.Services.GetRequiredService <IUserRolesService>(); userRolesService.AllowIncludeOwner = false; var resource = new CallableResource { Label = "A", IsDeleted = false }; await _testContext.RunOnDatabaseAsync(async dbContext => { await dbContext.ClearTableAsync <CallableResource>(); dbContext.CallableResources.Add(resource); await dbContext.SaveChangesAsync(); }); const string route = "/callableResources?include=owner"; // Act (HttpResponseMessage httpResponse, ErrorDocument responseDocument) = await _testContext.ExecuteGetAsync <ErrorDocument>(route); // Assert httpResponse.Should().HaveStatusCode(HttpStatusCode.BadRequest); responseDocument.Errors.Should().HaveCount(1); Error error = responseDocument.Errors[0]; error.StatusCode.Should().Be(HttpStatusCode.BadRequest); error.Title.Should().Be("Including owner is not permitted."); error.Detail.Should().BeNull(); }